FirstBlood-#441 — Reflected XSS on the /login.php endpoint with the goto vulnerable parameter
This issue was discovered on FirstBlood v2
On 2021-10-25, johandu97 Level 4 reported:
Summary
Improper input validation leads to attackers injecting malicious characters causing XSS vulnerabilities
POC
- Hi @zseano, I found a reflected XSS on the /login.php endpoint via the vulnerable goto parameter
- Use the payload to bypass the filter: test123"><scrip<script>t>aleralertt%601%60</scrip</script>t>; the XSS is executed


Recommendations
Validate/sanitize malicious inputs that cause XSS, like < > ' " ...
P3 Medium
Endpoint: /login.php
Parameter: goto
Payload: test123"><scrip<script>t>aleralertt`1`</scrip</script>t>
FirstBlood ID: 26
Vulnerability Type: Reflective XSS
The developers thought they had fixed ?goto= when reflected in an input tag on login.php from a similar bug (ID 39), but because this endpoint uses legacy code their changes were not applied here and thus the XSS was forgotten.
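As an added illustration (not code from the FirstBlood application or from the reporter), the Python below models the single-pass strip filter that the payload above defeats, a constructed stand-in for how ?goto= is reflected inside an input tag on /login.php, and the output-encoding fix; the blocked token list and the input template are assumptions.

```python
import html
import re

# Assumed denylist of the kind the report's payload defeats: each token is
# removed in one pass, so "<scrip<script>t>" collapses to "<script>" once the
# inner token is deleted, and "aleralertt" collapses to "alert".
BLOCKED_TOKENS = ("<script>", "</script>", "alert")


def single_pass_strip(value: str) -> str:
    """Vulnerable pattern: strip each forbidden token exactly once."""
    for token in BLOCKED_TOKENS:
        value = value.replace(token, "")
    return value


def reflect_in_input(value: str) -> str:
    """Constructed stand-in for the login.php hidden-input reflection of ?goto=."""
    return f'<input type="hidden" name="goto" value="{value}">'


def render_weak(goto: str) -> str:
    """Legacy path: strip, then reflect. The filter is bypassable."""
    return reflect_in_input(single_pass_strip(goto))


def render_fixed(goto: str) -> str:
    """Fix: encode for the HTML-attribute context instead of stripping.
    Quotes become &quot; so the value cannot break out of the attribute,
    and < > become &lt; &gt; so no element can be created at all."""
    return reflect_in_input(html.escape(goto, quote=True))


# Check a reviewer or regression test can apply to rendered output:
# did a script element survive into the page?
_SCRIPT_OPEN = re.compile(r"<script\b", re.IGNORECASE)


def contains_script_element(markup: str) -> bool:
    return _SCRIPT_OPEN.search(markup) is not None


# Payload from the report (decoded form).
PAYLOAD = 'test123"><scrip<script>t>aleralertt`1`</scrip</script>t>'

if __name__ == "__main__":
    print("weak :", render_weak(PAYLOAD))   # script element survives
    print("fixed:", render_fixed(PAYLOAD))  # fully encoded, stays inside the attribute
```

Running the block shows the weak path reassembling `<script>alert`1`</script>` from the broken-up tokens, while the encoded path leaves the value inert inside the attribute.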